BIND DNS Vulnerability Security Update Advisory (CVE-2023-50868)
Overview
An update has been made available to address a vulnerability in BIND DNS from the Internet Systems Consortium (ISC). Users of affected versions are advised to update to the latest version.
Affected Products
BIND
- Versions from 9.0.0 through 9.16.46
- Versions from 9.18.0 through 9.18.22
- Versions from 9.19.0 through 9.19.20
BIND Supported Preview Edition
- Versions from 9.9.3-S1 through 9.16.46-S1
- Versions from 9.18.11-S1 through 9.18.22-S1
Resolved Vulnerabilities
CPU consumption vulnerability in the DNSSEC-validating resolver when processing incoming responses from DNSSEC-signed zones that use NSEC3, in BIND and BIND Supported Preview Edition (CVE-2023-50868)
Vulnerability Patches
Patches for the vulnerability were made available in the February 13, 2024 update. Follow the Referenced Sites to update to the latest patched version.
BIND versions 9.16.48, 9.18.24, and 9.19.21
BIND Supported Preview Edition 9.16.48-S1, 9.18.24-S1
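A quick way to triage a fleet against the affected ranges listed above is to classify the version string each server reports. The following is an added example, not ISC's or this advisory's own tooling; the function name `classify`, the result labels and the sample banners are constructed for illustration. It assumes that -S builds can be compared on their three-part base version, and it reports distribution package versions separately because vendors may backport fixes without changing the upstream number.

```python
import re

# Inclusive ranges copied from the "Affected Products" list in this advisory.
AFFECTED = [((9, 0, 0), (9, 16, 46)), ((9, 18, 0), (9, 18, 22)),
            ((9, 19, 0), (9, 19, 20))]
# Supported Preview Edition ranges (assumption: compared on the base version).
AFFECTED_S = [((9, 9, 3), (9, 16, 46)), ((9, 18, 11), (9, 18, 22))]

# x.y.z, optional -S<n> edition marker, optional vendor/package suffix.
VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)(?:-S(\d+))?(-[0-9A-Za-z][\w.+~-]*)?")

def classify(banner):
    """Return 'affected', 'not-listed', 'vendor-build' or 'unparsed'."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unparsed"
    major, minor, patch, s_num, vendor = m.groups()
    if vendor:
        # Distribution builds may carry backported fixes; check the
        # vendor's own advisory instead of the upstream number.
        return "vendor-build"
    version = (int(major), int(minor), int(patch))
    ranges = AFFECTED_S if s_num is not None else AFFECTED
    hit = any(lo <= version <= hi for lo, hi in ranges)
    return "affected" if hit else "not-listed"

if __name__ == "__main__":
    # Constructed sample version strings, not captured from real hosts.
    samples = [
        "BIND 9.18.22 (Extended Support Version) <id:constructed>",
        "BIND 9.18.24 (Extended Support Version) <id:constructed>",
        "BIND 9.16.46-S1 (Supported Preview Version) <id:constructed>",
        "BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu <id:constructed>",
    ]
    for s in samples:
        print(f"{classify(s):13} {s}")
```

A result of `not-listed` only means the version falls outside the ranges in this advisory; it says nothing about other CVEs.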
Referenced Sites
[1] CVE-2023-50868 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-50868
[2] BIND 9 Security Release and Multi-Vendor Vulnerability Handling, CVE-2023-50387 and CVE-2023-50868
https://www.isc.org/blogs/2024-bind-security-release/
[3] CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
https://kb.isc.org/docs/cve-2023-50868